Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: package qualifier for platform CPE #1291

Merged
merged 1 commit into from
May 17, 2023
Merged

feat: package qualifier for platform CPE #1291

merged 1 commit into from
May 17, 2023

Conversation

westonsteimel
Copy link
Contributor

This allows filtering vulnerability matches that are only applicable when running on specific platforms. It currently supports filtering matches that are only applicable for windows, debian, and ubuntu when the underlying distro is known and does not match.

Additionally, wordpress platform matches are always filtered since wordpress plugins are not currently discoverable by syft and can be a significant source of false-positive matches. These are already filtered when the target software component of the CPE is used rather than a running on platform CPE configuration.

@westonsteimel westonsteimel requested a review from a team May 12, 2023 10:46
@westonsteimel westonsteimel mentioned this pull request May 12, 2023
Merged
@westonsteimel westonsteimel force-pushed the platform-cpe-qualifier branch 2 times, most recently from 5bc3d14 to a206485 Compare May 12, 2023 11:37
@westonsteimel
feat: package qualifier for platform CPE
bb1f3ef 
This allows filtering vulnerability matches that are only applicable
when running on specific platforms.  It currently supports filtering
matches that are only applicable for windows, debian, and ubuntu when
the underlying distro is known and does not match.

Additionally, wordpress platform matches are always filtered since
wordpress plugins are not currently discoverable by syft and can be
a significant source of false-positive matches.  These are already
filtered when the target software component of the CPE is used
rather than a running on platform CPE configuration.

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
@westonsteimel westonsteimel added the enhancement New feature or request label May 12, 2023
wagoodman
wagoodman reviewed May 17, 2023
View reviewed changes
grype/db/v5/store/model/vulnerability_test.go
@@ -6,16 +6,17 @@ import (
"github.com/stretchr/testify/assert"

"github.com/anchore/grype/grype/db/internal/sqlite"
v4 "github.com/anchore/grype/grype/db/v5"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ha! at least the import was accurate even if the alias was a lie -- good find.

@westonsteimel westonsteimel merged commit d34b281 into main May 17, 2023
9 checks passed
@westonsteimel westonsteimel deleted the platform-cpe-qualifier branch May 17, 2023 12:35
@dependabot dependabot bot mentioned this pull request May 23, 2023
Merged
@westonsteimel westonsteimel mentioned this pull request Jun 13, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wagoodman wagoodman wagoodman approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@westonsteimel @wagoodman